Note: the 8900Decryptor (which doesn’t work) doesn’t look like the same with this algorithm.
crypt_1 BAB28FA5A3582BC95E463D0E7D8CABF9 iv_1 8EE8A2C9F308FB91264B993F8DFDA5EC hash = sha1(header[0:0x40]) buf1 = crypt_1 buf2 = hash[0:0x10] aes(buf1, size=0x10, type=1, key=0, iv=iv_1) aes_reset_key() aes(buf2, size=0x10, type=0, key=buf1, iv=[0]*16) aes_reset_key()if (memcmp(header[0x40:0x50], buf2)) fail ("bad header")
Or, in plain English, what the code seems to do is
1) hash first 0×40 bytes
2) encrypt crypt_1 with IV=iv_1 and no key(?)
3) encrypt the result of 1 with key=result of 2 and IV=all zeroes
4) compare the result of 3 with bytes at header+0×40
It seems that if type!=0 the “key” param is not used by aes()I‘m 99% sure that the algo is AES-128-CBC but I can’t reproduce the result…
Header examples
00: 38 39 30 30 31 2E 30 03 00 00 00 00 00 70 EF 00 10: 00 70 EF 00 80 70 EF 00 0A 0C 00 00 DC 76 C6 77 20: BB EA 47 2D 86 57 60 87 41 35 59 21 AC 15 5E 17 30: 59 23 4D 76 93 96 63 D0 26 B0 A0 EB 00 00 02 00 40: 84 1B EC 18 20 0D C6 4E F3 85 8E 7A A0 EE 0C 63 00: 38 39 30 30 31 2E 30 03 00 00 00 00 70 A6 32 00 10: 70 A6 32 00 F0 A6 32 00 0A 0C 00 00 94 F0 9E 14 20: E4 C6 4A 15 9B 89 18 8C 25 00 43 44 2B 3B 17 5A 30: AE 8E 45 6D B1 58 55 CB A2 B4 37 62 00 00 02 00 40: B3 00 2A 61 22 09 7E F8 2B 59 27 F0 BE 49 87 E0